For all of you who had the misfortune to suffer a SQL injection attack on a database hosted on SQL Server, I have prepared a small script that removes the injected (malformed) string from every text column of the entire database.
DECLARE @table nvarchar(600)     -- schema-qualified, quoted table name
DECLARE @column nvarchar(300)    -- quoted column name
DECLARE @castType nvarchar(20)   -- varchar(max) or nvarchar(max), matching the column
DECLARE @sql nvarchar(max)
DECLARE @injection nvarchar(200)
SET @injection = N'Evil String!' --Type here the evil malformed string

-- Every user-table column of a string type that can hold an injected payload
DECLARE tableCursor CURSOR LOCAL FAST_FORWARD FOR
SELECT QUOTENAME(SCHEMA_NAME([t].[schema_id])) + '.' + QUOTENAME([t].[name]),
       QUOTENAME([c].[name]),
       CASE WHEN [c].[system_type_id] IN (99, 231) THEN 'nvarchar(max)' ELSE 'varchar(max)' END
FROM sys.tables AS [t]
JOIN sys.columns AS [c] ON [c].[object_id] = [t].[object_id]
WHERE [c].[system_type_id] IN (99  /* NTEXT */,
                               35  /* TEXT */,
                               231 /* Nvarchar */,
                               167 /* varchar */)
OPEN tableCursor
FETCH NEXT FROM tableCursor INTO @table, @column, @castType
WHILE (@@FETCH_STATUS = 0)
BEGIN
    -- One set-based UPDATE per column. The evil string travels as a parameter of
    -- sp_executesql, so quotes inside it can neither break nor inject into the
    -- dynamic statement; the row value is never copied into a varchar(5000)
    -- literal (which truncated long TEXT/NTEXT values and lost Unicode); and the
    -- (n)varchar(max) cast lets CHARINDEX and REPLACE work on text/ntext columns.
    SET @sql = N'UPDATE ' + @table +
               N' SET ' + @column + N' = REPLACE(CAST(' + @column + N' AS ' + @castType + N'), @inj, N'''')' +
               N' WHERE CHARINDEX(@inj, CAST(' + @column + N' AS ' + @castType + N')) > 0'
    --print @sql  -- uncomment to review each statement before running it
    EXEC sp_executesql @sql, N'@inj nvarchar(200)', @inj = @injection
    print 'Table healed - ' + @table
    print 'Column healed - ' + @column
    FETCH NEXT FROM tableCursor INTO @table, @column, @castType
END
CLOSE tableCursor
DEALLOCATE tableCursor
It is important to remember that the script above only replaces exact matches of the string. So if a column in your database has a maximum length of 20 and the first 16 characters are already filled, there are only 4 characters left to be filled by the evil string of the SQL injection attack (e.g. the field contains the string "abcdefghijklmnop" => the field altered by the SQL injection attack with the string "Evil String!" will look like this: "abcdefghijklmnopqrEvil"). The recommendation is to loop over every prefix of the evil string (the string cut short at each possible length) so that these truncated fragments are removed as well.
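The following T-SQL is an added example, not code from the original post: it shows the prefix loop the paragraph recommends on a single constructed column, so the column-discovery cursor of the script above is not repeated here. The temporary table #demo, its rows, the payload 'Evil String!' and the @minFragment cut-off of 4 characters are all assumptions made for the demonstration; the cut-off exists because a one- or two-character tail such as "E" collides too easily with legitimate data.

```sql
-- Constructed demo: a varchar(20) column in which some rows hold truncated fragments of the payload.
DECLARE @injection varchar(200)
DECLARE @minFragment int
DECLARE @len int
SET @injection = 'Evil String!'   -- hypothetical payload, the same one used in the post
SET @minFragment = 4              -- assumption: shortest trailing fragment worth removing

CREATE TABLE #demo (id int IDENTITY(1,1), comment varchar(20))
INSERT INTO #demo (comment) VALUES ('hello Evil String!')   -- full payload fits: exact-match REPLACE handles it
INSERT INTO #demo (comment) VALUES ('abcdefghijklmnopEvil') -- only 4 characters of the payload fit before the limit
INSERT INTO #demo (comment) VALUES ('abcdefghijEvil Strin') -- 10 characters fit
INSERT INTO #demo (comment) VALUES ('Elephant')             -- ends with "E" by chance and must be left alone
INSERT INTO #demo (comment) VALUES ('no payload here')

-- Pass 1: exact matches anywhere in the value (what the script above does for every column)
UPDATE #demo SET comment = REPLACE(comment, @injection, '')
WHERE CHARINDEX(@injection, comment) > 0

-- Pass 2: a truncated payload can only sit at the END of the value, because the column
-- ran out of room while the payload was being written. Walk the prefixes of the payload
-- from longest to shortest and strip each one that matches the tail of the value.
-- DATALENGTH is used instead of LEN because LEN ignores trailing spaces and would cut one
-- character too many when the fragment ends in a space (for nvarchar divide DATALENGTH by 2).
SET @len = LEN(@injection) - 1
WHILE @len >= @minFragment
BEGIN
    UPDATE #demo
       SET comment = LEFT(comment, DATALENGTH(comment) - @len)
     WHERE DATALENGTH(comment) >= @len
       AND RIGHT(comment, @len) = LEFT(@injection, @len)
    SET @len = @len - 1
END

SELECT id, comment FROM #demo ORDER BY id
-- rows 1..5 now read: 'hello ', 'abcdefghijklmnop', 'abcdefghij', 'Elephant', 'no payload here'
DROP TABLE #demo
```

To apply this to a real database, replace #demo and comment with the @table and @column values produced by the cursor in the script above and run pass 2 through sp_executesql just like pass 1. Note that in a case-insensitive collation both REPLACE and the RIGHT/LEFT comparison also match differently-cased copies of the payload, and that the UPDATE statements are worth running inside a transaction against a backup first.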
Saturday, October 3, 2009
SQL Injection remedy for SQL Server infected database
Wednesday, February 18, 2009
Microsoft events in Romania
This is just a small post with the link to all the Microsoft events in Romania. All Microsoft fans are invited, and not only them :)
Friday, December 5, 2008
Anti-RSI
Probably it's not the first time you've heard that extensive use of the mouse or the keyboard can cause serious injury. It may sound like a joke, but sitting for hours and hours in front of your computer without physical exercise can have a negative impact on your muscles.
If you are the kind of person who forgets to move/eat/drink while using the computer, then for your own sake use a reminder or an alarm to tell you that it's time to act like a human being (at least for a couple of minutes).
One solution is to install free software such as AntiRSI (if you are a Mac OS X user) or Workrave (if you are a Windows/Linux user), which will pop up annoying, exasperating messages that will most certainly chase you away from the desk.